PAIA MANUAL

Prepared in terms of Section 51 of the Promotion of Access to Information Act, No. 2 of 2000 (as amended)

Castlerock (Pty) Ltd.

Last Updated: 7 April 2026
Date of Revision: 7 April 2026

1. Introduction

This manual has been prepared in accordance with Section 51 of the Promotion of Access to Information Act (PAIA) to facilitate requests for access to information held by Castlerock.

It outlines:

  • The types of records we hold
  • How to request access to those records
  • How we process personal information in terms of POPIA

Castlerock is committed to transparency, accountability, and the responsible handling of information.

2. Company Details

  • Company Name: Castlerock (Pty) Ltd
  • Registration Number: [Insert Registration Number]
  • Information Officer: Gregory Day
  • Email: compliance@castlerock.co
  • Phone: +27 21 418 0112
  • Website: https://www.castlerock.co

3. Guide on How to Use PAIA

A guide on how to use PAIA is available from the Information Regulator:

🌐 https://www.justice.gov.za/inforeg/

This guide explains:

  • How to make a request for access to records
  • Applicable fees
  • Available remedies if a request is denied

4. Applicable Legislation

Castlerock complies with applicable legislation, including but not limited to:

  • Promotion of Access to Information Act (PAIA)
  • Protection of Personal Information Act (POPIA)
  • Electronic Communications and Transactions Act
  • Companies Act
  • Labour Relations Act
  • Basic Conditions of Employment Act
  • Income Tax Act and VAT Act

5. Records Held by Castlerock

5.1 Company Records

  • Registration documents
  • Memorandum of Incorporation
  • Shareholder agreements
  • Corporate governance documents

5.2 Financial Records

  • Accounting records
  • Tax returns
  • Invoices and billing records
  • Banking details

5.3 Human Resources Records

  • Employment contracts
  • Employee records
  • Payroll records
  • Disciplinary records

5.4 Client and Service Records

  • Client agreements
  • Service level agreements (SLAs)
  • Support records and tickets
  • Project documentation

5.5 IT and Technical Records

  • System configurations
  • Security logs
  • Network and infrastructure documentation

5.6 Marketing and Communications

  • Website content
  • Marketing materials
  • Newsletter and campaign data

6. Records Available Without Request

Certain records may be made available without a formal PAIA request, including:

  • Information on our website
  • General service information
  • Public marketing content

7. Processing of Personal Information (POPIA)

7.1 Purpose of Processing

Castlerock processes personal information to:

  • Deliver IT services
  • Manage client relationships
  • Support internal operations
  • Comply with legal obligations

7.2 Categories of Data Subjects

We may process information relating to:

  • Clients and client representatives
  • Employees and contractors
  • Suppliers and service providers
  • Website users

7.3 Types of Personal Information

  • Contact details
  • Identification information
  • Financial information
  • Technical and usage data

7.4 Recipients of Personal Information

We may share information with:

  • Service providers and partners
  • Technology platforms (e.g. hosting, CRM)
  • Regulatory authorities where required

7.5 International Transfers

Personal information may be transferred outside South Africa where necessary, with appropriate safeguards in place.

7.6 Data Security Measures

We implement appropriate technical and organisational measures to protect personal information, including:

  • Access controls
  • Encryption
  • Monitoring and security systems

8. Request Procedure

To request access to records, please:

  • Contact the Information Officer at the contact details above
  • Provide sufficient detail to identify the requested record

9. Fees

Request fees may apply as prescribed by PAIA regulations.

You will be notified if:

  • A request fee is required
  • Additional access or reproduction fees apply

10. Grounds for Refusal

Access to records may be refused in accordance with PAIA, including where:

  • Disclosure would involve unreasonable personal information
  • The information is commercially sensitive
  • Legal privilege applies
  • Security or confidentiality could be compromised

11. Remedies

If your request is denied, you may:

  • Lodge a complaint with the Information Regulator
  • Apply to a court for appropriate relief

12. Availability of This Manual

This manual is available:

  • On our website: https://www.castlerock.co
  • On request from the Information Officer

13. Updating of the Manual

This manual will be updated periodically to reflect changes in legislation or business operations.